CVE-2008-3532

Published: Aug 8, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch

x_refsource_MISC

oval:org.mitre.oval:def:18327

vdb-entry

signature

x_refsource_OVAL

MDVSA-2009:025

vendor-advisory

x_refsource_MANDRIVA

31390

third-party-advisory

x_refsource_SECUNIA

ADV-2008-2318

vdb-entry

x_refsource_VUPEN

http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm

x_refsource_CONFIRM

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434

x_refsource_CONFIRM

33102

third-party-advisory

x_refsource_SECUNIA

USN-675-1

vendor-advisory

x_refsource_UBUNTU

http://developer.pidgin.im/attachment/ticket/6500/nss_add_rev.patch

x_refsource_CONFIRM

32859

third-party-advisory

x_refsource_SECUNIA

http://developer.pidgin.im/ticket/6500

x_refsource_CONFIRM

pidgin-ssl-spoofing(44220)

vdb-entry

x_refsource_XF

RHSA-2008:1023

vendor-advisory

x_refsource_REDHAT

oval:org.mitre.oval:def:10979

vdb-entry

signature

x_refsource_OVAL

30553

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-3532

Description

Affected Products

References